global $phpmailer;
// (Re)create it, if it's gone missing
- if ( !is_object( $phpmailer ) || !is_a( $phpmailer, 'PHPMailer' ) ) {
+ if ( ! ( $phpmailer instanceof PHPMailer ) ) {
require_once ABSPATH . WPINC . '/class-phpmailer.php';
require_once ABSPATH . WPINC . '/class-smtp.php';
$phpmailer = new PHPMailer( true );
switch ( strtolower( $name ) ) {
// Mainly for legacy -- process a From: header if it's there
case 'from':
- if ( strpos($content, '<' ) !== false ) {
- // So... making my life hard again?
- $from_name = substr( $content, 0, strpos( $content, '<' ) - 1 );
- $from_name = str_replace( '"', '', $from_name );
- $from_name = trim( $from_name );
+ $bracket_pos = strpos( $content, '<' );
+ if ( $bracket_pos !== false ) {
+ // Text before the bracketed email is the "From" name.
+ if ( $bracket_pos > 0 ) {
+ $from_name = substr( $content, 0, $bracket_pos - 1 );
+ $from_name = str_replace( '"', '', $from_name );
+ $from_name = trim( $from_name );
+ }
- $from_email = substr( $content, strpos( $content, '<' ) + 1 );
+ $from_email = substr( $content, $bracket_pos + 1 );
$from_email = str_replace( '>', '', $from_email );
$from_email = trim( $from_email );
- } else {
+
+ // Avoid setting an empty $from_email.
+ } elseif ( '' !== trim( $content ) ) {
$from_email = trim( $content );
}
break;
case 'content-type':
if ( strpos( $content, ';' ) !== false ) {
- list( $type, $charset ) = explode( ';', $content );
+ list( $type, $charset_content ) = explode( ';', $content );
$content_type = trim( $type );
- if ( false !== stripos( $charset, 'charset=' ) ) {
- $charset = trim( str_replace( array( 'charset=', '"' ), '', $charset ) );
- } elseif ( false !== stripos( $charset, 'boundary=' ) ) {
- $boundary = trim( str_replace( array( 'BOUNDARY=', 'boundary=', '"' ), '', $charset ) );
+ if ( false !== stripos( $charset_content, 'charset=' ) ) {
+ $charset = trim( str_replace( array( 'charset=', '"' ), '', $charset_content ) );
+ } elseif ( false !== stripos( $charset_content, 'boundary=' ) ) {
+ $boundary = trim( str_replace( array( 'BOUNDARY=', 'boundary=', '"' ), '', $charset_content ) );
$charset = '';
}
- } else {
+
+ // Avoid setting an empty $content_type.
+ } elseif ( '' !== trim( $content ) ) {
$content_type = trim( $content );
}
break;
*
* @since 1.2.0
*
- * @param int|string $action Action nonce
- * @param string $query_arg Where to look for nonce in $_REQUEST (since 2.5)
+ * @param int|string $action Action nonce.
+ * @param string $query_arg Optional. Key to check for nonce in `$_REQUEST` (since 2.5).
+ * Default '_wpnonce'.
+ * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between
+ * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
*/
-function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
+function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
if ( -1 == $action )
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );
*
* @since 1.5.1
*
- * @param string $action The nonce action.
- * @param bool $result Whether the admin request nonce was validated.
+ * @param string $action The nonce action.
+ * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
+ * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
*/
do_action( 'check_admin_referer', $action, $result );
return $result;
*
* @since 2.0.3
*
- * @param int|string $action Action nonce
- * @param string $query_arg Where to look for nonce in $_REQUEST (since 2.5)
+ * @param int|string $action Action nonce.
+ * @param false|string $query_arg Optional. Key to check for the nonce in `$_REQUEST` (since 2.5). If false,
+ * `$_REQUEST` values will be evaluated for '_ajax_nonce', and '_wpnonce'
+ * (in that order). Default false.
+ * @param bool $die Optional. Whether to die early when the nonce cannot be verified.
+ * Default true.
+ * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between
+ * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
*/
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
$nonce = '';
*
* @since 2.1.0
*
- * @param string $action The AJAX nonce action.
- * @param bool $result Whether the AJAX request nonce was validated.
+ * @param string $action The AJAX nonce action.
+ * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
+ * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
*/
do_action( 'check_ajax_referer', $action, $result );
$location = wp_sanitize_redirect($location);
- if ( !$is_IIS && php_sapi_name() != 'cgi-fcgi' )
+ if ( !$is_IIS && PHP_SAPI != 'cgi-fcgi' )
status_header($status); // This causes problems on IIS and some FastCGI setups
header("Location: $location", true, $status);
* @return string redirect-sanitized URL
**/
function wp_sanitize_redirect($location) {
+ $regex = '/
+ (
+ (?: [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx
+ | \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2
+ | [\xE1-\xEC][\x80-\xBF]{2}
+ | \xED[\x80-\x9F][\x80-\xBF]
+ | [\xEE-\xEF][\x80-\xBF]{2}
+ | \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3
+ | [\xF1-\xF3][\x80-\xBF]{3}
+ | \xF4[\x80-\x8F][\x80-\xBF]{2}
+ ){1,40} # ...one or more times
+ )/x';
+ $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location );
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
$location = wp_kses_no_null($location);
$location = _deep_replace($strip, $location);
return $location;
}
+
+/**
+ * URL encode UTF-8 characters in a URL.
+ *
+ * @ignore
+ * @since 4.2.0
+ * @access private
+ *
+ * @see wp_sanitize_redirect()
+ */
+function _wp_sanitize_utf8_in_redirect( $matches ) {
+ return urlencode( $matches[0] );
+}
endif;
if ( !function_exists('wp_safe_redirect') ) :
switch ( $comment->comment_type ) {
case 'trackback':
$notify_message = sprintf( __( 'New trackback on your post "%s"' ), $post->post_title ) . "\r\n";
- /* translators: 1: website name, 2: author IP, 3: author domain */
- $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
+ /* translators: 1: website name, 2: website IP, 3: website hostname */
+ $notify_message .= sprintf( __('Website: %1$s (IP: %2$s, %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n";
- $notify_message .= sprintf( __( 'Comment: %s' ), $comment->comment_content ) . "\r\n\r\n";
+ $notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment->comment_content ) . "\r\n\r\n";
$notify_message .= __( 'You can see all trackbacks on this post here:' ) . "\r\n";
/* translators: 1: blog name, 2: post title */
$subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title );
break;
case 'pingback':
$notify_message = sprintf( __( 'New pingback on your post "%s"' ), $post->post_title ) . "\r\n";
- /* translators: 1: comment author, 2: author IP, 3: author domain */
- $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
+ /* translators: 1: website name, 2: website IP, 3: website hostname */
+ $notify_message .= sprintf( __('Website: %1$s (IP: %2$s, %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n";
- $notify_message .= sprintf( __( 'Comment: %s' ), $comment->comment_content ) . "\r\n\r\n";
+ $notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment->comment_content ) . "\r\n\r\n";
$notify_message .= __( 'You can see all pingbacks on this post here:' ) . "\r\n";
/* translators: 1: blog name, 2: post title */
$subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );
default: // Comments
$notify_message = sprintf( __( 'New comment on your post "%s"' ), $post->post_title ) . "\r\n";
/* translators: 1: comment author, 2: author IP, 3: author domain */
- $notify_message .= sprintf( __( 'Author: %1$s (IP: %2$s , %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
+ $notify_message .= sprintf( __( 'Author: %1$s (IP: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __( 'E-mail: %s' ), $comment->comment_author_email ) . "\r\n";
$notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n";
$notify_message .= sprintf( __( 'Whois: %s' ), "http://whois.arin.net/rest/ip/{$comment->comment_author_IP}" ) . "\r\n";
- $notify_message .= sprintf( __('Comment: %s' ), $comment->comment_content ) . "\r\n\r\n";
+ $notify_message .= sprintf( __('Comment: %s' ), "\r\n" . $comment->comment_content ) . "\r\n\r\n";
$notify_message .= __( 'You can see all comments on this post here:' ) . "\r\n";
/* translators: 1: blog name, 2: post title */
$subject = sprintf( __('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title );
case 'trackback':
$notify_message = sprintf( __('A new trackback on the post "%s" is waiting for your approval'), $post->post_title ) . "\r\n";
$notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n";
- $notify_message .= sprintf( __('Website : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
- $notify_message .= sprintf( __('URL : %s'), $comment->comment_author_url ) . "\r\n";
+ /* translators: 1: website name, 2: website IP, 3: website hostname */
+ $notify_message .= sprintf( __( 'Website: %1$s (IP: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
+ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Trackback excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
break;
case 'pingback':
$notify_message = sprintf( __('A new pingback on the post "%s" is waiting for your approval'), $post->post_title ) . "\r\n";
$notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n";
- $notify_message .= sprintf( __('Website : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
- $notify_message .= sprintf( __('URL : %s'), $comment->comment_author_url ) . "\r\n";
+ /* translators: 1: website name, 2: website IP, 3: website hostname */
+ $notify_message .= sprintf( __( 'Website: %1$s (IP: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
+ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Pingback excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
break;
default: // Comments
$notify_message = sprintf( __('A new comment on the post "%s" is waiting for your approval'), $post->post_title ) . "\r\n";
$notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n";
- $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
- $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
- $notify_message .= sprintf( __('URL : %s'), $comment->comment_author_url ) . "\r\n";
- $notify_message .= sprintf( __('Whois : http://whois.arin.net/rest/ip/%s'), $comment->comment_author_IP ) . "\r\n";
- $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
+ $notify_message .= sprintf( __( 'Author: %1$s (IP: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
+ $notify_message .= sprintf( __( 'E-mail: %s' ), $comment->comment_author_email ) . "\r\n";
+ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n";
+ $notify_message .= sprintf( __( 'Whois: %s' ), "http://whois.arin.net/rest/ip/{$comment->comment_author_IP}" ) . "\r\n";
+ $notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment->comment_content ) . "\r\n\r\n";
break;
}
*
* @param string $nonce Nonce that was used in the form to verify
* @param string|int $action Should give context to what is taking place and be the same when nonce was created.
- * @return bool Whether the nonce check passed or failed.
+ * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between
+ * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
*/
function wp_verify_nonce( $nonce, $action = -1 ) {
$nonce = (string) $nonce;
if ( !function_exists( 'get_avatar' ) ) :
/**
- * Retrieve the avatar for a user who provided a user ID or email address.
+ * Retrieve the avatar `<img>` tag for a user, email address, MD5 hash, comment, or post.
*
* @since 2.5.0
- *
- * @param int|string|object $id_or_email A user ID, email address, or comment object
- * @param int $size Size of the avatar image
- * @param string $default URL to a default image to use if no avatar is available
- * @param string $alt Alternative text to use in image tag. Defaults to blank
- * @return false|string `<img>` tag for the user's avatar.
-*/
-function get_avatar( $id_or_email, $size = '96', $default = '', $alt = false ) {
- if ( ! get_option('show_avatars') )
- return false;
+ * @since 4.2.0 Optional `$args` parameter added.
+ *
+ * @param mixed $id_or_email The Gravatar to retrieve. Accepts a user_id, gravatar md5 hash,
+ * user email, WP_User object, WP_Post object, or comment object.
+ * @param int $size Optional. Height and width of the avatar image file in pixels. Default 96.
+ * @param string $default Optional. URL for the default image or a default type. Accepts '404'
+ * (return a 404 instead of a default image), 'retro' (8bit), 'monsterid'
+ * (monster), 'wavatar' (cartoon face), 'indenticon' (the "quilt"),
+ * 'mystery', 'mm', or 'mysterman' (The Oyster Man), 'blank' (transparent GIF),
+ * or 'gravatar_default' (the Gravatar logo). Default is the value of the
+ * 'avatar_default' option, with a fallback of 'mystery'.
+ * @param string $alt Optional. Alternative text to use in <img> tag. Default empty.
+ * @param array $args {
+ * Optional. Extra arguments to retrieve the avatar.
+ *
+ * @type int $height Display height of the avatar in pixels. Defaults to $size.
+ * @type int $width Display width of the avatar in pixels. Defaults to $size.
+ * @type bool $force_default Whether to always show the default image, never the Gravatar. Default false.
+ * @type string $rating What rating to display avatars up to. Accepts 'G', 'PG', 'R', 'X', and are
+ * judged in that order. Default is the value of the 'avatar_rating' option.
+ * @type string $scheme URL scheme to use. See set_url_scheme() for accepted values.
+ * Default null.
+ * @type array|string $class Array or string of additional classes to add to the <img> element.
+ * Default null.
+ * @type bool $force_display Whether to always show the avatar - ignores the show_avatars option.
+ * Default false.
+ * @type string $extra_attr HTML attributes to insert in the IMG element. Is not sanitized. Default empty.
+ * }
+ * @return false|string `<img>` tag for the user's avatar. False on failure.
+ */
+function get_avatar( $id_or_email, $size = 96, $default = '', $alt = '', $args = null ) {
+ $defaults = array(
+ // get_avatar_data() args.
+ 'size' => 96,
+ 'height' => null,
+ 'width' => null,
+ 'default' => get_option( 'avatar_default', 'mystery' ),
+ 'force_default' => false,
+ 'rating' => get_option( 'avatar_rating' ),
+ 'scheme' => null,
+ 'alt' => '',
+ 'class' => null,
+ 'force_display' => false,
+ 'extra_attr' => '',
+ );
- if ( false === $alt)
- $safe_alt = '';
- else
- $safe_alt = esc_attr( $alt );
+ if ( empty( $args ) ) {
+ $args = array();
+ }
- if ( !is_numeric($size) )
- $size = '96';
+ $args['size'] = (int) $size;
+ $args['default'] = $default;
+ $args['alt'] = $alt;
- $email = '';
- if ( is_numeric($id_or_email) ) {
- $id = (int) $id_or_email;
- $user = get_userdata($id);
- if ( $user )
- $email = $user->user_email;
- } elseif ( is_object($id_or_email) ) {
- // No avatar for pingbacks or trackbacks
+ $args = wp_parse_args( $args, $defaults );
- /**
- * Filter the list of allowed comment types for retrieving avatars.
- *
- * @since 3.0.0
- *
- * @param array $types An array of content types. Default only contains 'comment'.
- */
- $allowed_comment_types = apply_filters( 'get_avatar_comment_types', array( 'comment' ) );
- if ( ! empty( $id_or_email->comment_type ) && ! in_array( $id_or_email->comment_type, (array) $allowed_comment_types ) )
- return false;
+ if ( empty( $args['height'] ) ) {
+ $args['height'] = $args['size'];
+ }
+ if ( empty( $args['width'] ) ) {
+ $args['width'] = $args['size'];
+ }
- if ( ! empty( $id_or_email->user_id ) ) {
- $id = (int) $id_or_email->user_id;
- $user = get_userdata($id);
- if ( $user )
- $email = $user->user_email;
- }
+ /**
+ * Filter whether to retrieve the avatar URL early.
+ *
+ * Passing a non-null value will effectively short-circuit get_avatar(), passing
+ * the value through the {@see 'pre_get_avatar'} filter and returning early.
+ *
+ * @since 4.2.0
+ *
+ * @param string $avatar HTML for the user's avatar. Default null.
+ * @param int|object|string $id_or_email A user ID, email address, or comment object.
+ * @param array $args Arguments passed to get_avatar_url(), after processing.
+ */
+ $avatar = apply_filters( 'pre_get_avatar', null, $id_or_email, $args );
- if ( ! $email && ! empty( $id_or_email->comment_author_email ) )
- $email = $id_or_email->comment_author_email;
- } else {
- $email = $id_or_email;
+ if ( ! is_null( $avatar ) ) {
+ /** This filter is documented in wp-includes/pluggable.php */
+ return apply_filters( 'get_avatar', $avatar, $id_or_email, $args['size'], $args['default'], $args['alt'], $args );
}
- if ( empty($default) ) {
- $avatar_default = get_option('avatar_default');
- if ( empty($avatar_default) )
- $default = 'mystery';
- else
- $default = $avatar_default;
+ if ( ! $args['force_display'] && ! get_option( 'show_avatars' ) ) {
+ return false;
}
- if ( !empty($email) )
- $email_hash = md5( strtolower( trim( $email ) ) );
+ $url2x = get_avatar_url( $id_or_email, array_merge( $args, array( 'size' => $args['size'] * 2 ) ) );
- if ( is_ssl() ) {
- $host = 'https://secure.gravatar.com';
- } else {
- if ( !empty($email) )
- $host = sprintf( "http://%d.gravatar.com", ( hexdec( $email_hash[0] ) % 2 ) );
- else
- $host = 'http://0.gravatar.com';
- }
-
- if ( 'mystery' == $default )
- $default = "$host/avatar/ad516503a11cd5ca435acc9bb6523536?s={$size}"; // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com')
- elseif ( 'blank' == $default )
- $default = $email ? 'blank' : includes_url( 'images/blank.gif' );
- elseif ( !empty($email) && 'gravatar_default' == $default )
- $default = '';
- elseif ( 'gravatar_default' == $default )
- $default = "$host/avatar/?s={$size}";
- elseif ( empty($email) )
- $default = "$host/avatar/?d=$default&s={$size}";
- elseif ( strpos($default, 'http://') === 0 )
- $default = add_query_arg( 's', $size, $default );
-
- if ( !empty($email) ) {
- $out = "$host/avatar/";
- $out .= $email_hash;
- $out .= '?s='.$size;
- $out .= '&d=' . urlencode( $default );
-
- $rating = get_option('avatar_rating');
- if ( !empty( $rating ) )
- $out .= "&r={$rating}";
-
- $out = str_replace( '&', '&', esc_url( $out ) );
- $avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo' height='{$size}' width='{$size}' />";
- } else {
- $out = esc_url( $default );
- $avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />";
+ $args = get_avatar_data( $id_or_email, $args );
+
+ $url = $args['url'];
+
+ if ( ! $url || is_wp_error( $url ) ) {
+ return false;
+ }
+
+ $class = array( 'avatar', 'avatar-' . (int) $args['size'], 'photo' );
+
+ if ( ! $args['found_avatar'] || $args['force_default'] ) {
+ $class[] = 'avatar-default';
}
+ if ( $args['class'] ) {
+ if ( is_array( $args['class'] ) ) {
+ $class = array_merge( $class, $args['class'] );
+ } else {
+ $class[] = $args['class'];
+ }
+ }
+
+ $avatar = sprintf(
+ "<img alt='%s' src='%s' srcset='%s' class='%s' height='%d' width='%d' %s/>",
+ esc_attr( $args['alt'] ),
+ esc_url( $url ),
+ esc_attr( "$url2x 2x" ),
+ esc_attr( join( ' ', $class ) ),
+ (int) $args['height'],
+ (int) $args['width'],
+ $args['extra_attr']
+ );
+
/**
* Filter the avatar to retrieve.
*
* @since 2.5.0
+ * @since 4.2.0 The `$args` parameter was added.
*
- * @param string $avatar Image tag for the user's avatar.
+ * @param string $avatar <img> tag for the user's avatar.
* @param int|object|string $id_or_email A user ID, email address, or comment object.
* @param int $size Square avatar width and height in pixels to retrieve.
* @param string $alt Alternative text to use in the avatar image tag.
* Default empty.
+ * @param array $args Arguments passed to get_avatar_data(), after processing.
*/
- return apply_filters( 'get_avatar', $avatar, $id_or_email, $size, $default, $alt );
+ return apply_filters( 'get_avatar', $avatar, $id_or_email, $args['size'], $args['default'], $args['alt'], $args );
}
endif;
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff